Abstract
As the most successful cryptocurrency to date, Bitcoin constitutes a target of choice for attackers. While many attack vectors have already been uncovered, one important vector has been left out though: attacking the currency via the Internet routing infrastructure itself. Indeed, by manipulating routing advertisements (BGP hijacks) or by naturally intercepting traffic, Autonomous Systems (ASes) can intercept and manipulate a large fraction of Bitcoin traffic.This paper presents the first taxonomy of routing attacks and their impact on Bitcoin, considering both small-scale attacks, targeting individual nodes, and large-scale attacks, targeting the network as a whole. While challenging, we show that two key properties make routing attacks practical: (i) the efficiency of routing manipulation; and (ii) the significant centralization of Bitcoin in terms of mining and routing. Specifically, we find that any network attacker can hijack few (<100) BGP prefixes to isolate ∼50% of the mining power - even when considering that mining pools are heavily multi-homed. We also show that on-path network attackers can considerably slow down block propagation by interfering with few key Bitcoin messages.We demonstrate the feasibility of each attack against the deployed Bitcoin software. We also quantify their effectiveness on the current Bitcoin topology using data collected from a Bitcoin supernode combined with BGP routing data. The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending. To prevent such effects in practice, we provide both short and long-term countermeasures, some of which can be deployed immediately.
Original language | English |
---|---|
Title of host publication | 2017 IEEE Symposium on Security and Privacy, SP 2017 - Proceedings |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 375-392 |
Number of pages | 18 |
ISBN (Electronic) | 9781509055326 |
DOIs | |
State | Published - 23 Jun 2017 |
Event | 2017 IEEE Symposium on Security and Privacy, SP 2017 - San Jose, United States Duration: 22 May 2017 → 24 May 2017 |
Publication series
Name | Proceedings - IEEE Symposium on Security and Privacy |
---|---|
ISSN (Print) | 1081-6011 |
Conference
Conference | 2017 IEEE Symposium on Security and Privacy, SP 2017 |
---|---|
Country/Territory | United States |
City | San Jose |
Period | 22/05/17 → 24/05/17 |
Bibliographical note
Publisher Copyright:© 2017 IEEE.
Keywords
- BGP
- BGP hijack
- Bitcoin
- Cryptocurrency
- P2P networks
- Routing